fixes

shainaraskas · shainaraskas · commit d85e4e8993c2 · 2025-06-18T13:06:35.000-04:00
diff --git a/deploy-manage/security/_snippets/find-endpoint.md b/deploy-manage/security/_snippets/find-endpoint.md
@@ -10,7 +10,7 @@ If you have many deployments, you can instead go to the **Hosted deployments** (
 4. In the deployment overview, under **Applications**, find the application that you want to test.
 5. Click **Copy endpoint**. The value looks something like the following:
 
-```subs=true
+```text subs=true
 https://my-deployment-d53192.es.{{example-default-dn}}
 ```
 
diff --git a/deploy-manage/security/azure-private-link-traffic-filters.md b/deploy-manage/security/azure-private-link-traffic-filters.md
@@ -70,7 +70,7 @@ The process of setting up the private connection with Azure Private link is spli
 | 1. [Create a private endpoint using {{ecloud}} service alias.](#ec-private-link-azure-dns) |  |
 | 2. [Create a DNS record pointing to the private endpoint](#ec-private-link-azure-dns). |  |
 |  | 3. [Create a private connection policy.](#ec-azure-allow-traffic-from-link-id) |
-|  | 4. [Associate the Azure Private Link rule set with your deployments](#ec-azure-associate-traffic-filter-private-link-rule-set). |
+|  | 4. [Associate the Azure Private Link rule set with your deployments](#ec-associate-traffic-filter-private-link-rule-set). |
 |  | 5. [Interact with your deployments over Private Link.](#ec-azure-access-the-deployment-over-private-link) |
 
 
@@ -83,7 +83,7 @@ The process of setting up the private connection with Azure Private link is spli
     Use [the service aliases for your region](/deploy-manage/security/azure-private-link-traffic-filters.md#ec-private-link-azure-service-aliases). Select the **Connect to an Azure resource by resource ID or alias** option. For example for the region `eastus2` the service alias is `eastus2-prod-002-privatelink-service.64359fdd-7893-4215-9929-ece3287e1371.eastus2.azure.privatelinkservice`
 
     ::::{note}
-    The Private Link endpoint is created in the `Awaiting Approval` state. We validate and approve the endpoints when you create the private connection policy using the Private Link `resource name` and `resource ID`, as described in the next section [Create a private connection policy](#ec-azure-allow-traffic-from-link-id).
+    The Private Link endpoint is created in the `Awaiting Approval` state. We validate and approve the endpoints when you create the private connection policy using the Private Link `resource ID`, as described in the next section [Create a private connection policy](#ec-azure-allow-traffic-from-link-id).
     ::::
 
 2. Create a DNS record.
@@ -111,7 +111,7 @@ Follow these high-level steps to add a private connection policy that can be ass
 1. [Find your private endpoint resource ID](/deploy-manage/security/azure-private-link-traffic-filters.md#ec-find-your-resource-id).
 2. [Create policies using the Private Link Endpoint resource ID](/deploy-manage/security/azure-private-link-traffic-filters.md#ec-azure-create-traffic-filter-private-link-rule-set).
 3. [Test the connection](#test-the-connection).
-4. [Associate the private endpoint with your deployment](/deploy-manage/security/azure-private-link-traffic-filters.md#ec-azure-associate-traffic-filter-private-link-rule-set).
+4. [Associate the private endpoint with your deployment](/deploy-manage/security/azure-private-link-traffic-filters.md#ec-associate-traffic-filter-private-link-rule-set).
 
 ### Find your private endpoint resource ID [ec-find-your-resource-id]
 
diff --git a/deploy-manage/security/ece-filter-rules.md b/deploy-manage/security/ece-filter-rules.md
@@ -23,7 +23,7 @@ Rule sets work as follows:
 
 - Traffic filter rule sets, when associated with a deployment, will apply to all deployment endpoints, such as {{es}}, {{kib}}, APM Server, and others.
 
-- Any traffic filter rule set assigned to a deployment overrides the default behavior of *allow all access over the public internet endpoint; deny all access over Private Link*. The implication is that if you make a mistake putting in the traffic source (for example, specified the wrong IP address) the deployment will be effectively locked down to any of your traffic. You can use the UI to adjust or remove the rule sets.
+- Any traffic filter rule set assigned to a deployment overrides the default behavior of *allow all access over the public internet endpoint*. The implication is that if you make a mistake putting in the traffic source (for example, specified the wrong IP address) the deployment will be effectively locked down to any of your traffic. You can use the UI to adjust or remove the rule sets.
 
 - You can mark a rule set as *default*. It is automatically attached to all new deployments that you create in its region. You can detach default rule sets from deployments after they are created. Note that a *default* rule set is not automatically attached to existing deployments.
 
diff --git a/deploy-manage/security/gcp-private-service-connect-traffic-filters.md b/deploy-manage/security/gcp-private-service-connect-traffic-filters.md
@@ -208,7 +208,7 @@ Create a new private connection policy.
 15.  Click **Create**.
 16. (Optional) You can [claim your Private Service Connect endpoint connection ID](/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md), so that no other organization is able to use it in a private connection policy.
 
-The next step is to [associate the policy](#ec-associate-traffic-filter-private-link-rule-set) with your deployment.
+The next step is to [associate the policy](#ec-psc-associate-traffic-filter-psc-rule-set) with your deployment.
 
 ### Optional: Associate a policy with a deployment [ec-psc-associate-traffic-filter-psc-rule-set]
 
diff --git a/deploy-manage/security/network-security-policies.md b/deploy-manage/security/network-security-policies.md
@@ -20,7 +20,7 @@ Policies operate on the proxy. Requests rejected by the policies are not forward
 
 - You can assign multiple policies to a single deployment. The policies can be of different types. In case of multiple policies, traffic can match any associated policy to be forwarded to the resource. If none of the policies match, the request is rejected with `403 Forbidden`.
 - Policies, when associated with a deployment or project, will apply to all endpoints, such as {{es}}, {{kib}}, APM Server, and others.
-- Any policy assigned to a deployment overrides the default behavior of *allow all access over the public internet endpoint; deny all access over Private Link*. The implication is that if you make a mistake putting in the traffic source (for example, if you specified the wrong IP address) the deployment will be effectively locked down to any of your traffic. You can use the UI to adjust or remove the policies.
+- Any policy assigned to a deployment overrides the default behavior of *allow all access over the public internet endpoint*. The implication is that if you make a mistake putting in the traffic source (for example, if you specified the wrong IP address) the deployment will be effectively locked down to any of your traffic. You can use the UI to adjust or remove the policies.
 - You can [mark a policy as default](#default-network-security-policies). Default policies are automatically attached to all new resources of the matching resource type that you create in its region.
 
 ## Restrictions
